« Reply #5822 on: February 14, 2019, 12:23:27 PM »
Thanks, I forwarded it...
Thank you.
https://www.bleepingcomputer.com/news/security/new-astaroth-trojan-variant-exploits-anti-malware-software-to-steal-info/
Update February 13 2019 20:00 EST: Article updated post-publication with additional comments from Avast:
We learned today about this particular Astaroth trojan variant analyzed in Cybereason’s report. Since this is not an exploit, there is no obligation for them to provide formal or advance communication. The authors misuse a trusted binary to run the malware, in this case they used an Avast process, probably due to the size of our user base in the target country of Brazil. One important thing to consider is that this is neither an injection nor a privilege escalation. Installed Avast binaries have self-protection mechanisms in place to avoid injections. In this instance, they are using an Avast file to run a binary in a similar way that a DLL using Windows’ rundll32.exe can run. We had previously issued a detection for the malware so all Avast users are protected from this variant. Additionally, we will be implementing changes to our environment to ensure the same process cannot be misused in this way in the future.
Hoping that Avast's aswrundll.exe is protected by Avast and that it has a self-protection mechanism too.
« Last Edit: February 14, 2019, 12:30:31 PM by Be Secure »
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast